Curbside Consult with Dr. Jayne 10/30/23

Among telehealth physicians, there’s a lot of chatter about an upcoming change in Centers for Medicare and Medicaid Services (CMS) policy that would require physicians and other healthcare providers to report their home addresses when conducting virtual visits from home.

This hasn’t been an issue during the last couple of years because CMS had issued a waiver for the requirement due to the pandemic. However, the agency has indicated that the waiver will end on December 31. Many organizations, including the American Hospital Association, the American Telemedicine Association, and the Alliance for Connected Care have come out in support of healthcare workers, citing privacy and security concerns as well as the rise in violence against healthcare workers.

As someone who has been stalked by a patient, it’s scary to think about patients being able to easily find your home address. Much of the information providers give to CMS (in the form of applications and enrollment documents) winds up on publicly available websites. A simple browser search can provide a surprising amount of information on physicians who haven’t taken steps to protect themselves. Although this is getting a lot of attention right now, it just scratches the surface at highlighting how the patchwork of laws in the US isn’t conducive to helping physicians deliver high-quality care when they want to be 100% virtual.

Problems with governmental agencies are highlighted when physicians apply to deliver telehealth care through national platforms. For example, the major players in the industry require physicians to have a current and unrestricted Drug Enforcement Agency (DEA) number. They use this as a way of screening out “problem” physicians who might have lost their controlled substance prescribing privileges. The companies in question don’t even allow their physicians to prescribe controlled substances and most of the ones that I’ve worked for actively prohibit any controlled substance activity.

Then, there are various states that have their own controlled substance agencies, which typically require the use of an address where controlled substance activities are taking place. This adds to the confusion for those of us who are practicing telehealth but not ever prescribing controlled substances, yet have to attest to the DEA and these state agencies that we have a physical location where they can theoretically come inspect our records.

In my situation, I “see” patients on a handful of telehealth platforms, all of which keep my records electronically. The evidence that I do not indeed prescribe controlled substances is housed on a variety of servers and I have no authority to grant access to any of them. It’s been a decade since I had a prescription pad in my hand. Yet, on the advice of counsel, I keep a locked file cabinet in my basement that houses my controlled substance records. It contains copies of my DEA certificates, state controlled substance authority certificates, various applications and renewal forms, and nothing else.

It’s pretty ridiculous that they expect you to have locked files, since many of us haven’t seen a paper chart for decades. If you ask my state what I should do, they tell me I should surrender my state controlled substance certificate because I’m not prescribing controlled substances. If I do that, I have to surrender my DEA certificate. And if I do that, I can’t work. Every time I have to renew one of these and attest that I’m following the rules, it makes me cringe.

There’s plenty of shared culpability here, from the agencies that haven’t kept their regulations current with how care is being delivered at present to the telehealth organizations that require certifications that don’t make sense for the work they’re hiring us to do. I understand using a variety of strategies to help root out bad apples, but I also take issue with physicians being asked to skirt the truth in order to earn a living.

Not to mention, the cost of maintaining DEA and state controlled substances certificates is not insignificant. There’s also now a continued medical education burden for maintenance of the DEA certificate. Although fortunately there are plenty of free courses out there that will fulfill the requirement, it’s grating to have to spend a minimum of eight hours on coursework that isn’t relevant to a physician’s current practice situation.

It’s also grating to know that some of the big telehealth players are doing some things that could best be described as “sketchy.” One well-known platform where a colleague recently applied to work wanted him to begin a payer enrollment and credentialing process without providing any kind of contractual agreement. I gave him a heads up that their standard non-compete agreement would likely contain a clause that would be a problem with his other employment obligations, but when he asked about it, they went radio silent.

Speaking of credentialing, that’s another problematic element for physicians who want to be 100% virtual since we’re often asked to provide information that’s not relevant (DEA number, anyone?) along with current malpractice insurance policies even if they’re not relevant to the organization where we’re trying to get credentialed.

Although a lot of telehealth physicians have day jobs and are just picking up extra telehealth hours for extra cash, some do it full time. Even though they may have a large organization backing them as far as having a non-home work address they can use, and where they can keep their DEA and state controlled substance numbers registered, in many circumstances they’re still having to fudge the attestations when they sign their renewal forms for those certifications simply because they’re NOT prescribing controlled substances. Now, many of us have to revisit whether we’re going to opt out of Medicare or whether we want to take the risk of having our home addresses made public. Opting out of Medicare brings its own problems, and further narrows the options for positions where we can use our skills.

The DEA and state controlled substance certificate issues don’t impact the majority of physicians who deliver telehealth services, because the vast majority of them have a physical practice location where they might be prescribing controlled substances and the issue becomes moot. However, the Medicare address issue affects many more physicians, including those working for large health systems who might be at home when they engage with their patients via telehealth. I’m hopeful it will get more attention. If we can get this issue resolved, maybe we can get some of the other issues resolved, although I’m not hopeful because it’s way too easy for organizations to simply use a DEA number as a proxy for past good behavior.

What do you think about making physician and healthcare provider addresses publicly available? Leave a comment or email me.

Email Dr. Jayne.